Overview

overview

10

Static

static

3

24532b6718...18.dll

windows7-x64

10

24532b6718...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28-07-2024 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24532b6718d3665f61db9982be0fa5a6_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    24532b6718d3665f61db9982be0fa5a6

  • SHA1

    de1d4721719be5814041d99a4559fdcb5296c985

  • SHA256

    fc52e505c69f58c26100ca9bb35c3f39bc35dd9864d7f8dd5ebd119e730b51e5

  • SHA512

    e73462d6a299bc8bb208e704136061424aeff0f73e3d067ab37d08b2eb84a4a18de9baa937cfb7f22a3aec27fb1f91ba0af779c01beb9157c9dcecc8a0461d5d

  • SSDEEP

    24576:suYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:E9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\24532b6718d3665f61db9982be0fa5a6_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2276
  • C:\Windows\system32\msconfig.exe
    C:\Windows\system32\msconfig.exe
    1⤵
      PID:2040
    • C:\Users\Admin\AppData\Local\mSXMcGT\msconfig.exe
      C:\Users\Admin\AppData\Local\mSXMcGT\msconfig.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3024
    • C:\Windows\system32\isoburn.exe
      C:\Windows\system32\isoburn.exe
      1⤵
        PID:640
      • C:\Users\Admin\AppData\Local\UYSwQO\isoburn.exe
        C:\Users\Admin\AppData\Local\UYSwQO\isoburn.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1576
      • C:\Windows\system32\mblctr.exe
        C:\Windows\system32\mblctr.exe
        1⤵
          PID:1544
        • C:\Users\Admin\AppData\Local\Ah3a3xWD\mblctr.exe
          C:\Users\Admin\AppData\Local\Ah3a3xWD\mblctr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1492

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Ah3a3xWD\dwmapi.dll
          Filesize

          1.2MB

          MD5

          4dfdb990012f0fff0cae0d15198c4ef4

          SHA1

          7cbce6f8e4cb0b3c5da82f71f71027319a369d6a

          SHA256

          2f721037be3cabe32d28df997e368769cee854a2e697630a836bdebea73b3908

          SHA512

          88396217f869f8521ede84ce4af042076133f630fedfd13cd221fa9ffacc1fbdcafa479b901bf9eea582791a855cfeb4bca8b05b6da07cac9fa3dddab67306e0

          Download Submit

        • C:\Users\Admin\AppData\Local\UYSwQO\UxTheme.dll
          Filesize

          1.2MB

          MD5

          56e7b535d8677ec953fe562826af65cd

          SHA1

          a3874357a69e38cf2a60bbc4afa13ed65904f06a

          SHA256

          78cad39e978cb9796876d020b4670ec7db00996d60703354cdf3b17eba72e7c0

          SHA512

          f67588b51f4acd0e76745dc520bff2602d41b5c78535843109bc50245afb71077064fd88d199771e49bcdb41dea88effe0f9194cbac7a26546e71b5a7761f8ed

          Download Submit

        • C:\Users\Admin\AppData\Local\mSXMcGT\VERSION.dll
          Filesize

          1.2MB

          MD5

          941acb5c7043677831577f62b80b241f

          SHA1

          cbbb5dedd2bdc45c47cc69ac4706cff3e37f4c8b

          SHA256

          d827a6ce644a1ec6b31e34b4136fa748b480eb92ad73973c2e27cb2d137aaa00

          SHA512

          eeab5585d84ca86612d3799122b80315b282cc28805b93bffcb4faf888be71ec43feb11cf0b4f51c6ca19de5023f0cc1da8511582a45eaf6ba89560c38ba72d7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Joeqzcwrjre.lnk
          Filesize

          875B

          MD5

          770fe916ddeb9596a8546e5f3ad6730d

          SHA1

          2fbb0d07c093c99aa39549a3a06aa98ddb91772b

          SHA256

          5c86f4c08c3bc2424eb69b24f164f15d7c108e531e6fc543fd33d648385b27f6

          SHA512

          ad60a07416c4c74aa1395667263bfd1faa0696354319a9c29a68d4024087edb0197310f586b4a9d9f7c3da9c70e4e18d40355c2d2b2ae7dc8bef979e36d46fd0

          Download Submit

        • \Users\Admin\AppData\Local\Ah3a3xWD\mblctr.exe
          Filesize

          935KB

          MD5

          fa4c36b574bf387d9582ed2c54a347a8

          SHA1

          149077715ee56c668567e3a9cb9842284f4fe678

          SHA256

          b71cdf708d4a4f045f784de5e5458ebf9a4fa2b188c3f7422e2fbfe19310be3f

          SHA512

          1f04ce0440eec7477153ebc2ce56eaabcbbac58d9d703c03337f030e160d22cd635ae201752bc2962643c75bbf2036afdd69d97e8cbc81260fd0e2f55946bb55

          Download Submit

        • \Users\Admin\AppData\Local\UYSwQO\isoburn.exe
          Filesize

          89KB

          MD5

          f8051f06e1c4aa3f2efe4402af5919b1

          SHA1

          bbcf3711501dfb22b04b1a6f356d95a6d5998790

          SHA256

          50dcb4be409f50d26c0fc32dd9cdbf96bff4e19bf624221cb566ebeb3e09ce1a

          SHA512

          5f664d937abe4426ee7e0d8491a395f9ef4ffe7a51dba05b54b7ba27e80c9be37833400911c5878d3dec659f4fa1579ec8ba4cfc485fb2ce24dd37c321006daa

          Download Submit

        • \Users\Admin\AppData\Local\mSXMcGT\msconfig.exe
          Filesize

          293KB

          MD5

          e19d102baf266f34592f7c742fbfa886

          SHA1

          c9c9c45b7e97bb7a180064d0a1962429f015686d

          SHA256

          f3c8bb430f9c33e6caf06aaebde17b7fddcc55e8bb36cec2b9379038f1fca0b1

          SHA512

          1b9f1880dd3c26ae790b8eead641e73264f90dc7aa2645acc530aad20ad9d247db613e1725282c85bca98c4428ac255752a4f5c9b2a97f90908b7fe4167bb283

          Download Submit

        • memory/1244-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-4-0x00000000777F6000-0x00000000777F7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-33-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-30-0x0000000077B90000-0x0000000077B92000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1244-29-0x0000000077A01000-0x0000000077A02000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-26-0x0000000002CD0000-0x0000000002CD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1244-34-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-6-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-71-0x00000000777F6000-0x00000000777F7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1492-89-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1492-92-0x000007FEF6AA0000-0x000007FEF6BD2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1576-68-0x000007FEF6AA0000-0x000007FEF6BD2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1576-74-0x000007FEF6AA0000-0x000007FEF6BD2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2276-42-0x000007FEF6AA0000-0x000007FEF6BD1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2276-0-0x000007FEF6AA0000-0x000007FEF6BD1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2276-3-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3024-56-0x000007FEF65D0000-0x000007FEF6702000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-53-0x00000000002B0000-0x00000000002B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3024-50-0x000007FEF65D0000-0x000007FEF6702000-memory.dmp

          Filesize

          1.2MB

          Download